1. Introduction
Paxport ("we", "our", or "the Extension") is a self-custody cryptocurrency wallet for Paxeer Network. This privacy policy explains what data the Extension collects, how it is used, and your rights regarding that data.
2. Data We Collect
Paxport is designed with privacy as a core principle. We collect the absolute minimum data necessary for the wallet to function.
2.1 Data Stored Locally on Your Device
- Encrypted wallet data — Your private keys and recovery phrase are encrypted with your PIN using AES-256 and stored exclusively in your browser's local storage (
chrome.storage.local). They never leave your device. - Account addresses — Your public wallet addresses are stored locally to display balances and transaction history.
- Contacts — Saved wallet addresses you choose to label for convenience.
- Connected sites — A list of website origins you have approved for wallet connection.
- Session state — A timestamp tracking your PIN session for auto-lock functionality.
2.2 Data Transmitted to External Services
- Blockchain RPC requests — To read balances and send transactions, the Extension sends your public wallet address to the Paxeer Network RPC node (
public-rpc.paxeer.app). This is required for any blockchain wallet to function. - Portfolio and price data — Your public wallet address is sent to our indexer API to fetch token balances, transaction history, and price data. No private keys or personal information are transmitted.
- Block explorer queries — Your public address may be sent to PaxScan (
paxscan.paxeer.app) when viewing transaction details.
2.3 Data We Do NOT Collect
- We do not collect your private keys, recovery phrase, or PIN.
- We do not collect analytics, telemetry, or usage tracking data.
- We do not collect your browsing history, cookies, or personal information.
- We do not use any third-party analytics or advertising SDKs.
- We do not transmit data to any party other than the blockchain RPC and indexer APIs listed above.
3. How Your Data Is Used
- Encrypted wallet data is used solely to derive signing keys when you authorize a transaction.
- Public addresses are used to query the blockchain for balances and transaction history.
- Connected site origins are used to determine which websites may request wallet actions.
- Session timestamps are used to auto-lock the wallet after 15 minutes of inactivity.
4. Data Storage and Security
- All sensitive data (private keys, mnemonic) is encrypted with AES-256 before storage.
- Encryption keys are derived from your PIN using PBKDF2 with a unique salt.
- Data is stored in
chrome.storage.local, which is sandboxed to the extension and inaccessible to websites. - No data is stored on our servers. The wallet is entirely self-custody.
- The Extension's Content Security Policy restricts script execution to trusted sources only.
5. Third-Party Services
The Extension communicates with the following services, all operated by the Paxeer Network team:
| Service | Purpose | Data Sent |
|---|
| public-rpc.paxeer.app | Blockchain RPC | Public address, signed transactions |
| paxscan.paxeer.app | Block explorer / Indexer API | Public address |
| us-east-1.user-stats.sidiora.exchange | Portfolio & price data | Public address |
No third-party analytics, advertising, or tracking services are used.
6. Permissions Justification
- storage — Required to persist encrypted wallet data across browser sessions.
- activeTab — Required to detect the current website's URL for connection status display.
- scripting — Required to inject the wallet provider (
window.ethereum) into web pages for dApp connectivity. - sidePanel — Required to provide an expanded wallet view in Chrome's side panel.
- alarms — Required for reliable session timeout in Manifest V3 (service worker timers are unreliable).
7. Your Rights
- Full control — You can export your private keys and recovery phrase at any time from Settings.
- Data deletion — Use "Erase Wallet" in Settings to permanently delete all wallet data from your device.
- Connection management — You can view and revoke dApp connections at any time from the Connected Sites page.
- No account required — The wallet does not require registration, email, or any personal information.
8. Children's Privacy
The Extension is not directed at children under the age of 13. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. Continued use of the Extension after changes constitutes acceptance of the updated policy.
10. Contact
If you have questions about this privacy policy or the Extension's data practices, contact us at privacy@paxeer.app.
Paxport v1.0.0 — Paxeer Network